The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Extended detection and response (XDR) is expected to be the future of cybersecurity, merging security technologies with the evolving approach to the way we do cybersecurity. And while many organizations are scrambling to integrate XDR into their cybersecurity strategies – even more are still trying to figure out what XDR really is and if it's even the right solution for their organization.  But there are some organizations that are getting lost in the debate and are wondering if there is a place for them in this new frontier of cybersecurity: organizations with lean security teams and limited resources.  Fortunately, Cynet, a cybersecurity company, is hosting an upcoming webinar in partnership with Enterprise Strategy Group (ESG) that will explore how choosing the right XDR can be impactful for companies lean security teams [ register here ]. During the webinar, Jon Oltsik, Senior Principal Analyst with ESG, and George Tubin, Director of Product Strategy at Cynet, will cove...

The Chinese-backed Hafnium hacking group has been linked to a piece of a new malware that's used to maintain persistence on compromised Windows environments. The threat actor is said to have targeted entities in the telecommunication, internet service provider and data services sectors from August 2021 to February 2022, expanding from the initial victimology patterns observed during its attacks exploiting the then zero-day flaws in  Microsoft Exchange Servers  in March 2021. Microsoft Threat Intelligence Center (MSTIC), which dubbed the defense evasion malware " Tarrask ," characterized it as a tool that creates "hidden" scheduled tasks on the system. "Scheduled task abuse is a very common method of persistence and defense evasion — and an enticing one, at that," the researchers  said . Hafnium, while most notable for Exchange Server attacks, has since leveraged unpatched zero-day vulnerabilities as initial vectors to drop web shells and other mal...

The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday  disclosed  that it thwarted a cyberattack by Sandworm , a hacking group affiliated with Russia's military intelligence, to sabotage the operations of an unnamed energy provider in the country. "The attackers attempted to take down several infrastructure components of their target, namely: Electrical substations, Windows-operated computing systems, Linux-operated server equipment, [and] active network equipment," the State Service of Special Communications and Information Protection of Ukraine (SSSCIP)  said  in a statement. Slovak cybersecurity firm ESET, which collaborated with CERT-UA to analyze the attack, said the attempted intrusion involved the use of ICS-capable malware and regular disk wipers, with the adversary unleashing an updated variant of the  Industroyer  malware, which was first deployed in a 2016 assault on Ukraine's power grid. "The Sandworm attackers made an attemp...

An international law enforcement operation raided and took down RaidForums, one of the world's largest hacking forums notorious for selling access to hacked personal information belonging to users. Dubbed Tourniquet, the seizure of the cybercrime website involved authorities from the U.S., U.K., Sweden, Portugal, and Romania, with the criminal investigation resulting in the  arrest  of the forum's administrator at his home last month in Croydon, England. The three confiscated domains associated with the illicit marketplace include "raidforums[.]com," "Rf[.]ws," and "Raid[.]lol." Diogo Santos Coelho (aka "Omnipotent"), the said founder and chief administrator, was apprehended in the U.K. on January 31 and is pending extradition to the U.S. Santos Coelho has been charged with conspiracy, access device fraud, and aggravated identity theft. In addition to detailing Santos Coelho's central role in designing and administering the soft...

Microsoft's Patch Tuesday updates for the month of April have addressed a  total of 128 security vulnerabilities  spanning across its software product portfolio, including Windows, Defender, Office, Exchange Server, Visual Studio, and Print Spooler, among others. 10 of the 128 bugs fixed are rated Critical, 115 are rated Important, and three are rated Moderate in severity, with one of the flaws listed as publicly known and another under active attack at the time of the release. The updates are in addition to  26 other flaws  resolved by Microsoft in its Chromium-based Edge browser since the start of the month. The actively exploited flaw ( CVE-2022-24521 , CVSS score: 7.8) relates to an elevation of privilege vulnerability in the Windows Common Log File System (CLFS). Credited with reporting the flaw are the U.S. National Security Agency (NSA) and CrowdStrike researchers Adam Podlosky and Amir Bazine. The second publicly-known zero-day flaw ( CVE-2022-26904 , C...

Unsurprisingly, here at  Rewind , we've got a lot of data to protect (over 2 petabytes worth). One of the databases we use is called Elasticsearch (ES or Opensearch, as it is currently known in AWS). To put it simply, ES is a document database that facilitates lightning-fast search results. Speed is essential when customers are looking for a particular file or item that they need to restore using  Rewind . Every second of downtime counts, so our search results need to be fast, accurate, and reliable. Another consideration was disaster  recovery . As part of our  System and Organization Controls Level 2 (SOC2)  certification process, we needed to ensure we had a working disaster recovery plan to restore service in the unlikely event that the entire AWS region was down. "An entire AWS region?? That will never happen!" (Except for  when it did )  Anything is possible, things go wrong, and in order to meet our SOC2 requirements we needed to have a work...

Researchers have disclosed a previously undocumented local file inclusion ( LFI ) vulnerability in  Hashnode , a developer-oriented blogging platform, that could be abused to access sensitive data such as SSH keys, server's IP address, and other network information. "The LFI originates in a  Bulk Markdown Import feature  that can be manipulated to provide attackers with unimpeded ability to download local files from Hashnode's server," Akamai researchers said in a report shared with The Hacker News. Local file inclusion flaws occur when a web application is tricked into exposing or running unapproved files on a server, leading to directory traversal, information disclosure, remote code execution, and cross-site scripting (XSS) attacks. The flaw, caused due to the web application failing to adequately sanitize the path to a file that's passed as input, could have serious repercussions in that an assailant could navigate to any path on the server and access s...

Senior officials in the European Union were allegedly targeted with NSO Group's infamous Pegasus surveillance tool, according to a  new report  from Reuters. At least five individuals, including European Justice Commissioner Didier Reynders, are said to have been singled out in total, the news agency said, citing documents and two unnamed E.U. officials. However, it's not clear who used the commercial spyware against them or what information was obtained following the attacks. NSO Group said in a statement shared with Reuters that it was not responsible for the hacking attempts, adding that the targeting "could not have happened with NSO's tools." The intrusions are said to have come to light after Apple notified the victims of state-sponsored attacks last November as part of its efforts to stop the Israeli surveillance firm from targeting its customers. That same month, the iPhone maker  filed a lawsuit  against NSO Group, seeking a court-issued injunction ...